Fix usage of SHA-2 algorithm with OpenPGP cards.

This was a regression in 2.1 introduced due to having the agent do the
signing in contrast to the old "SCD PKSIGN" command which accesses the
scdaemon directly and passed the hash algorithm.  The hash algorithm
is used by app-openpgp.c only for a sanity check.

agent/ChangeLog

@@ -1,3 +1,8 @@
+2011-03-02  Werner Koch  <wk@g10code.com>
+
+	* call-scd.c (hash_algo_option): New.
+	(agent_card_pksign): Use it with PKSIGN.
+
 2011-03-02  Ben Kibbey  <bjk@luxsci.net>  (wk)
 
 	* command.c (cmd_clear_passphrase): Add option --mode=normal.

agent/agent.h

@@ -365,6 +365,7 @@ int agent_card_pksign (ctrl_t ctrl,
                        const char *keyid,
                        int (*getpin_cb)(void *, const char *, char*, size_t),
                        void *getpin_cb_arg,
+                       int mdalgo,
                        const unsigned char *indata, size_t indatalen,
                        unsigned char **r_buf, size_t *r_buflen);
 int agent_card_pkdecrypt (ctrl_t ctrl,

agent/call-scd.c

@@ -796,13 +796,33 @@ inq_needpin (void *opaque, const char *line)
 }
 
 
+/* Helper returning a command option to describe the used hash
+   algorithm.  See scd/command.c:cmd_pksign.  */
+static const char *
+hash_algo_option (int algo)
+{
+  switch (algo)
+    {
+    case GCRY_MD_MD5   : return "--hash=md5";
+    case GCRY_MD_RMD160: return "--hash=rmd160";
+    case GCRY_MD_SHA1  : return "--hash=sha1";
+    case GCRY_MD_SHA224: return "--hash=sha224";
+    case GCRY_MD_SHA256: return "--hash=sha256";
+    case GCRY_MD_SHA384: return "--hash=sha384";
+    case GCRY_MD_SHA512: return "--hash=sha512";
+    default:             return "";
+    }
+}
 
-/* Create a signature using the current card */
+
+/* Create a signature using the current card.  MDALGO is either 0 or
+   gives the digest algorithm.  */
 int
 agent_card_pksign (ctrl_t ctrl,
                    const char *keyid,
                    int (*getpin_cb)(void *, const char *, char*, size_t),
                    void *getpin_cb_arg,
+                   int mdalgo,
                    const unsigned char *indata, size_t indatalen,
                    unsigned char **r_buf, size_t *r_buflen)
 {
@@ -837,9 +857,11 @@ agent_card_pksign (ctrl_t ctrl,
   inqparm.getpin_cb = getpin_cb;
   inqparm.getpin_cb_arg = getpin_cb_arg;
   inqparm.passthru = 0;
-  snprintf (line, DIM(line)-1,
-            ctrl->use_auth_call? "PKAUTH %s":"PKSIGN %s", keyid);
-  line[DIM(line)-1] = 0;
+  if (ctrl->use_auth_call)
+    snprintf (line, sizeof line, "PKAUTH %s", keyid);
+  else
+    snprintf (line, sizeof line, "PKSIGN %s %s",
+              hash_algo_option (mdalgo), keyid);
   rc = assuan_transact (ctrl->scd_local->ctx, line,
                         membuf_data_cb, &data,
                         inq_needpin, &inqparm,

agent/divert-scd.c

@@ -347,7 +347,7 @@ divert_pksign (ctrl_t ctrl,
       int save = ctrl->use_auth_call;
       ctrl->use_auth_call = 1;
       rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl,
-                              digest, digestlen, &sigval, &siglen);
+                              algo, digest, digestlen, &sigval, &siglen);
       ctrl->use_auth_call = save;
     }
   else
@@ -359,7 +359,7 @@ divert_pksign (ctrl_t ctrl,
       if (!rc)
         {
           rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl,
-                                  data, ndata, &sigval, &siglen);
+                                  algo, data, ndata, &sigval, &siglen);
           xfree (data);
         }
     }